Is MAC filtering a false security measure?

Posted on March 29, 2008
Filed Under Network, Software, microsoft |

A couple of days ago I received my copy of IT Now magazine from the British Computer Society and spent some time reading the articles in the magazine. One interesting article by Steve Kennedy MBCS on WiFi security strategy is worth mentioning because I know many of you use WiFi connection at home and at work but do you know how secure is your wireless connection?

MAC filtering
Some of us like myself use MAC (media access control) filtering and WEP encryption to keep intruders away from our wireless network. WEP encryption is the common way to secure a wireless network but you must be wondering why I bother to use MAC filtering for my home network.

I use MAC filtering because I prefer to add another layer of security to my wireless network although we know that it can get cumbersome managing a list of MAC addresses each time someone wants to use my wireless connection to check their emails and surf the web. Managing my MAC filter is not a difficult task for me. I have around six to seven devices that I use to connect to the internet at home ranging from laptops, desktops and PDAs and I have configured my network not to give out more than 10 IP addresses using DHCP. That means I don’t allow more than 10 devices to access the internet using my wireless network at the same time.

Anyway, after reading Steve Kennedy’s article, I leant that there are holes in MAC filtering and it is actually a false security measure for securing your wireless network. Why do I say that? I say that because the behaviour of a Wireless Access Point when it is turned on, will by default send out beacon packets broadcasting that the Wireless Access Point is turned on and beacon packets are not encrypted by default. It contains network information such as the network name or SSID even if you have WEP encryption turned on.

Having said that, with most modern WiFi system you can disable beacon broadcast so your network name is not visible and devices won’t be able to find your wireless LAN unless they know it is there. So coming back to MAC filtering, if your wireless network is set to broadcast beacon information, the beacon information that is transmitted which contains your MAC addresses are not encrypted. So if I have a laptop that runs a software that is able to look at all the MAC addresses being used, I can then run another software to spoof the MAC address of your network card and gain access to your WiFi network. That is where MAC filtering fails but of course most network administrators will also have WEP security encryption enabled so you need to get pass the encryption authentication before you can actually hijack the wireless network for your own gains.

Changing MAC address software
I did a quick search on Google as always to find what software is available to change MAC addresses. Here are a few. Some are shareware and you have to pay to use it but most shareware have a trial period where you can use the software and decide if you want to purchase it.

Change MAC address AMAC 5.4
a-Mac
Mac Change
SMAC
Gentle MAC

Here is the link to the software listed above.

The Ultimate wireless security guide
We used to use MAC filtering and WEP encryption at work but our Network Manager made a smart move by ditching that wireless security strategy and adopted a more hardy Enterprise wireless LAN security strategy by deploying client side wireless configuration settings from Microsoft Active Directory with Group Policies.

That means only domain users within the company’s Active Directory will be able to use our wireless network. If Joe Bloggs or Jane Bloggs comes to the office and wants to use our wireless network, neither of them will be able to do so unless the Network Administrator adds them to the Active Directory list. This method of security uses the Active Directory credentials to authenticate a user’s credibility before allowing the user to join the wireless network.

Here is a good article from TechRepublic that I think you should read if you want to know more.

I hope you found this post useful and if you have anything you would like to add, please comment.

Sphere: Related Content

Other Related Posts:

Use SocialMarker to promote your website

Securing your WordPress installation

Upgrade to WordPress 2.3.2 to fix urgent security flaw

WordPress 2.3.3 released

Apple fixes over 40 holes in Mac OS X

If you've enjoyed reading this post then why not subscribe to received updates by email.

Enter your email address:

Delivered by FeedBurner

 Email This Post

Trackback This Post

Comments

Search

Advertise

• Recently Written

  • What are your 2009 Web Predictions?
  • Google Mobile App Easter Egg Discovered
  • SQL Server Integration Services is the new Data Transformation tool for SQL Server
  • Defragging your Mac is so 1980s
  • Using ASP.NET Extenders Part II
  • Using ASP.NET AJAX Extenders Part I
  • Download the Art & Science Of CSS e-book now
  • The Lost Identity
  • Finally a fix for what Facebook broke
  • The Revelation of Google Insights for Search

• Recently Commented Posts

  • Griffin PowerDock, a family affair
  • Monetize your parked domains with WhyPark.com
  • ShortGun Orc Flash game
  • Viral marketing with Entrecard advertising network
  • CommentLuv WordPress plugin

Top Commentators

• IDAPT (1)
• Web Hosting (1)

• Blogroll

  • Certless Designer
  • Documentation
  • e-leaguers - Web design
  • easy make money online
  • Heartbeat
  • Jayce Ooi’s Paradise
  • Plugins
  • Portachi web directory
  • Themes
  • Wordpress Blog Tips

                Josh`s Sanctum   Blogroll Me!     Directory  

Copyright © 2007-2008 ashchuan.com - Web Technology • Using Modernpaper theme created by Performancing